U.S. Secures Extradition of 19-Year-Old Linked to Scattered Spider

US authorities have intensified their pursuit of individuals linked to the financially motivated hacking collective Scattered Spider, and the extradition of a 19-year-old suspect marks another significant development. 
Peter Stokes, who is a dual citizen of the United States and Estonia, is accused of taking part in coordinated cyber intrusions, ransomware extortion, and fraud operations linked to the group, which disrupted more than 100 organizations across critical industries and generated more than $100 million in extortion payments for the group. 
After Stokes was arrested in Finland on a Red Notice from Interpol, he was transferred to the United States to be tried on several federal charges, which included conspiracy, computer intrusion, and extortion, demonstrating the increasing international cooperation being deployed for the dismantling of one of the most persistent cybercrime groups. 
In describing the prosecution, Federal officials said it is part of an ongoing effort to combat increasingly sophisticated cybercrime activities that target U.S. organizations across a range of industries.
In his remarks, Andrew S. Boutros, U.S. Attorney for the Northern District of Illinois, co-chair of the Acting Attorney General’s White Collar, Cyber, and Crypto Subcommittee Advisory Committee, stated that the allegations of the Scattered Spider attack caused widespread disruption to businesses nationwide and highlighted the increased capabilities of cybercriminals operating across international borders driven by financial gain. 
The Justice Department has demonstrated its commitment to pursuing technologically advanced threat actors regardless of where they are located with the charges, he stressed. In support of this position, Brett Leatherman, Assistant Director of the FBI’s Cyber Division, stated that the group has consistently used employee-focused extortion and network compromise campaigns, which have resulted in millions of dollars of financial losses and disruptions to critical business operations. 
According to him, the investigation illustrates the importance of coordinating the efforts of domestic and international law enforcement to identify, disrupt, and prosecute cybercriminals, wherever they operate. The superseding criminal complaint alleges that Stokes is associated with several cyber intrusions allegedly conducted by his online alias “Bouquet,” including activities that date back to his 16th year of age. 
A prosecutor contends that these activities were part of Scattered Spider’s overall intrusion campaign, which also includes Octo Tempest, UNC3944, and 0ktapus, which are also tracked by security researchers. According to the investigation, the group compromised more than 100 networks by using highly targeted social engineering techniques, enabling the deployment of ransomware, data theft, and extortion schemes that collectively resulted in over $100 million in ransom payments as well as millions more in recovery costs for the organizations affected.
The complaint details a number of incidents in which Stokes and his co-conspirators allegedly breached a luxury jewelry retailer’s network in May 2025, exfiltrating sensitive corporate data and demanding approximately $8 million in cryptocurrency. According to reports, the company declined to negotiate with the attackers, removed them from its environment, and incurred remediation expenses ranging from $2 million to $3 million. 
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: